I already had tried updating java and adding the IP to the java security exceptions list but it didn't resolve.
The fix was as follows:
Log into the ASA and go into enable mode
Run "Session ips console" to get into the IPS
tls generate-key
Log back into IPS via the Cisco IME software
https://popravak.wordpress.com/2014/03/10/ioexception-when-trying-to-connect-to-cisco-ips/
I had to get updated lic file from 'licensing@cisco.com' and manually apply it.
Once that was done I manually uploaded the latest signature file (wouldn't apply without updated license)
I found that auto updates won't work unless you have at least version 7.1(11)E4 this is because cisco switched to using SHA2. You need to update the software on the IPS to resolve.
Updating the IPS
Backup your config first (need IP config etc)
Update the secondary ASA/IPS
Need to setup again
Apply license
Apply signature
Failover
Update the primary ASA/IPS
Failback
Make sure to update the secondary ASA first
http://www.cisco.com/c/en/us/support/docs/security/intrusion-prevention-system/116155-configure-product-00.html#anc9
Make sure to download the correct file for your ASA. I had 5515 and needed the .aip file.
https://software.cisco.com/download/release.html?mdfid=283674966&flowid=24482&softwareid=282549758&release=7.1(11)E4&relind=AVAILABLE&rellifecycle=&reltype=all
Enter the sw-module module ips recover configure image disk0:/imagename.aip
No comments:
Post a Comment